New Threats Out To Defeat Anti-Virus Products

A new, technically sophisticated breed of malware has surfaced that defeats conventional signature-based security programs' ability to block new worms and viruses, said experts at the RSA Security Conference in San Francisco on 6 February 2007.

Previously, attackers tended to mass-distribute copies of the same virus, at most creating one or a small number of variants. But as anti-virus software developed quicker ways of detecting and neutralizing malicious code, malware writers innovated their techniques in turn.

The recent attacks involved large numbers of unique malware variants, released by the distributors either simultaneously or in succession. This is called 'server-side polymorphic malware': by the time a signature is ready to detect one variant, that variant has ceased to circulate and many others have arrived.

Signature-based solutions are now buckling under the weight of the numerous attacks from online criminals, said Art Coviello, president of RSA Inc. Nearly 200,000 virus variants may be released this year alone, he said. In addition, anti-virus companies are slow to cope with new malware, taking an average of two months to catch up with it.

In contrast to previous malware attacks, which came in fewer variants but large volumes, today's malware authors stay ahead of signature-based products by releasing each variant in smaller numbers across multi-variant outbreaks, says Amir Lev, president of Commtouch Software Ltd.

The recent Storm Worm is an example of these modern 'server-side polymorphic viruses': large numbers of unique variants, each distributed in low volume and circulating only for a short period, which a single signature cannot hold back.

Attackers now apply server-side polymorphic techniques to self-replicating Trojans, according to Eugene Kaspersky, founder of Kaspersky Lab Inc. They plant such Trojans on malicious websites, where a fresh variant is served on every download, making them nearly impossible to detect. It is challenging to develop an automated tool to defend against such Trojans, Kaspersky said, but efforts to build a dedicated mechanism for clearing the malicious code must go on, even though it will take time given the uniqueness of every Trojan.